What is happening with secure messaging in Europe?

A European project plans to force messaging applications to scan private conversations to detect signs of child pornography. However, strong controversy is emerging, since privacy and IT security could be collateral victims of this legitimate objective.

In the name of the fight against child crime, should we accept a decline in computer security and privacy? This, in short, is the issue hidden behind a European text currently being discussed in community bodies. In recent days, this prospect has caused particular excitement on social networks, but what exactly is happening?

What is Bill Chat Control, which wants to scan your private conversations?

Those responsible for large secure messaging systems have come up against the European text, one of the particularities of which is to force the providers of these tools to inspect the content of messages and files that Internet users send, in order to detect child pornography content. This is why we talk about upload moderation. The text has even earned the nickname “Chat Control”.

The risk posed by legislation like this is a weakening, or even a calling into question, of certain technological fundamentals. One of the main fears is a weakening of end-to-end encryption, a principle found in particular in the Signal application and Proton’s webmail to secure exchanges.

More generally, it is a mechanism that is also used by other programs, some of which are very popular, with millions or even billions of members. WhatsApp, Facebook Messenger, Google Messages, Instagram, Line, Olvid, Skype, Telegram, Viber, Wickr, Wire, iMessage… All offer end-to-end encryption. Sometimes by default, sometimes as an option, under conditions or not.

Chat Control’s proposal is considered catastrophic by many observers. // Source: Thom — Photo modified

In the European Parliament, one of the strongest and most critical voices of Chat Control is Patrick Breyer, a member of the Pirate Party and MEP since 2019. The parliamentarian has long opposed Chat Control, but his mobilization has further increased in recent days, due to the imminent holding of a vote, on June 20, 2024, which will allow the text to take a step forward in its legislative journey.

The vote in question aims to approve a partial negotiating mandate that the Council (which represents the 27 EU member states) can discuss with the European Parliament. This is not a vote to validate the text. However, a possible failure in the Council could cause the Chat Contro to go off course, hence the insistence with which Patrick Breyer and others call for influence on the government. “ It’s up to all of us now. Write an email to your government. Share the call to action. Call your government today. Together we are the resistance. Stop Chat Control! », he said again on June 19.

This proposed regulation to establish rules to prevent and combat sexual abuse of children attracted attention when it was presented in 2022 by the European Commission. At the time, Numerama had already highlighted that the EU strategy against child pornography threatened the privacy of Internet users. In addition, the European authorities responsible for the protection of private life had also judged this plan disastrous.

Encrypted messaging is pissed

The European proposal “ to monitor and scan mass chats is the same old surveillance, with a new face. Whether you call it a backdoor, a gateway, or upload moderation, it undermines encryption and creates significant vulnerabilities “, denounces Meredith Whittaker, president of the Signal foundation.

Meredith WhittakerMeredith Whittaker
Meredith Whittaker. // Source: POZ_1464

Let’s be clear. Upload moderation is a mass surveillance program. We urge EU governments to reject mass scanning of their citizens’ communications by voting against this proposal » reacted the Proton company, quoting Meredith Whittaker’s message.

As for Mullvad, this Swedish company indicated that “ Chat control is a corrupt proposition put forward by undemocratic methods. […] The European Council should follow the example of the European Parliament and reject it. » Mullvad also wrote a more detailed text, like Signal.

What do Signal, Proton and Mullvad have in common? Offer products with a very high degree of confidentiality and security. Signal is an instant messaging application, rival to WhatsApp. Proton provides a suite of software and services (webmail, VPN, storage, password manager, calendar). Finally, Mullvad is a VPN provider, which Mozilla uses for its own.

A negotiating mandate discussed on June 20

In the workings of the European Union for several months, the subject has lost media attention. Nothing says the European Union is going to kill encryption, as has been said, but it is an important discussion nonetheless. The European Parliament is officially against a measure of this kind. Failure in Parliament could spell the death of the text, and there will be several occasions on which parliamentarians could vote against it.

At the level of the European Council, nothing is decided either. States are moving forward in dispersed order: in 2023, it was noted that the majority of EU countries were in favor of scanning private messages, even encrypted ones.

The Signal logo on a Cyberguerre background // Source: Numerama/CyberguerreThe Signal logo on a Cyberguerre background // Source: Numerama/Cyberguerre
The Signal logo on a Cyberguerre background // Source: Numerama/Cyberguerre

According to a progress report from Patrick Breyer, made on June 15, Germany, Luxembourg, the Netherlands, Austria and Poland are against the text. Others have not yet really taken a position: Italy, Finland, the Czech Republic, Sweden, Slovenia, Estonia, Greece and Portugal. Concerning France, its position is considered uncertain. The possibility of a breakdown in the European Council cannot therefore be ruled out.

A departure from messaging services?

It is perhaps also the European destiny of certain applications that will be at stake. In the past, messaging services like WhatsApp and Signal have indicated that they could leave a market that calls into question the principle of end-to-end encryption. At the time, the warning was aimed at England, which has since watered its wine.

This warning could now be renewed for the EU. This is what Threema does, by the way, another app of the same kind. But before that, it promises that it will use other levers, such as legal action or the implementation of new technical solutions. Proton, last year, made the same commitment to go to court if necessary. In short, encryption is still far from being banned.


Do you want to know everything about the mobility of tomorrow, from electric cars to e-bikes? Subscribe now to our Watt Else newsletter!

-

-

PREV Engie and Macquarie join forces to extend the Mayakan gas pipeline in Mexico
NEXT National holiday: where and when to see the July 14 fireworks in Essonne